CATEGORY: Help Articles

Introducing 2 Factor Authentication

To enhance your account's security, set up two-factor authentication. Two-factor authentication (2FA) requires two forms of identification to access to your account: your e-shot login credentials, and a one-time passcode you receive via text message or QR code.

Before you start

Here are some things to know before you begin this process.

• You'll need to download a two-factor authentication app to your mobile device. (Examples: Authy, Google Authenticator, Authenticator Plus, and others).

• You will always need your mobile device to generate the passcode. 

• When you authenticate with a QR code - this authentication is valid for 30 days.

• You have a maximum of 5 attempts to input the correct code from the authenticator app. (As the authenication code refreshes every 30 seconds ensure that there is enough time to complete the authentication)

Enabling 2FA for an existing user

Account Admins can enable 2FA individually from the users and permissions area within settings for existing users and as part of the new user creation process.

 It is possible to activate for select users or account wide.

Account admins can also complete the initial authentication process from within their user profile by clicking on  

First time logging in with 2FA:

• After 2FA has been activated in the settings for a user the next time they log in (entering valid email/password) they are presented with a QR code to register (if they haven't previously)

• Simply follows the on-screen instructions, downloading any Authenticator App if you have not previously done so and scanning the QR code presented on the screen

• Once you have entered the number presented against the registered QR code and press verifies to continue

• You are logged in! (As this authentication is QR based you will not be prompted again for 30 days).
  

 

Once you have registered a QR code and your first authentication has expired (after 30 days):

• You simply enter your valid email/password and log in and will then be taken to a re-authentication screen

You then simply enter the number presented against the registered QR code and select verify to continue. And you're in!

You will notice in the image above that there is also the option to authenticate using SMS. This is only possible if you have your mobile phone number included in your e-shot user profile.

If you have a mobile number registered in your e-shot user profile you can select the SMS verification option. You will then receive an SMS to your registered number (which is indicated in part in the SMS verification screen).

Simply enter the code received and verify.

What happens if my phone is lost or broken?

The two-factor authentication app connects only to the specific mobile device it is set up on. If you lose the device or otherwise can't access the authenticator app, you'll need assistance from your account admin, who will need to amend your profile so you can associate to your new phone, or agree for 2fa to be disabled for a short time whilst you fix/replace your phone.